With the development of Internet-based applications, such services as Internet-based shopping, Internet-based games, and Internet-based transactions are being pushed to users. Accounts of users for logging in to such Internet-based applications are becoming high-valued. Thefts of user's accounts and various virtual properties run wild, causing challenges to security of users accounts and virtual properties. In view of the above, when users log in to the Internet-based applications using the accounts, carry out payment, conduct virtual property transactions, it is an indispensable step to verify real identities of the users.
Currently, identity verification is implemented mainly by entering a pre-registered static or dynamic password by a user on a computer or a terminal of a other form. In this verification mode, the static password and the dynamic password are both subject to a risk of being stolen from the user by a third party (stealer) by means of Trojan virus or by other means. In addition, this verification mode increases user's learning cost and operation cost.